Hi Andy,
we solved this using a Servlet filter. See below for implementation.
It assumes that there is a "userId" set in the session mapping. If you don't
need that, you need to do a httpRequest.getSession(false) and simply test
whether ist null or not.
HTH
Frank Felix
public class SessionTracker implements Filter
{
private static final Log log =
LogFactory.getLog(SessionTracker.class);
private static ThreadLocal<HttpSession> _httpSession = new
ThreadLocal<HttpSession>();
private static ThreadLocal<HttpServletRequest> _httpRequest = new
ThreadLocal<HttpServletRequest>();
/**
* Initialize.
*/
public void init(FilterConfig config)
{
log.debug("initializing");
}
/**
* Finish.
*/
public void destroy()
{
log.debug("destroy");
}
/**
* Remember http session in current thread and
* check authentification.
*/
public void doFilter(
ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
// determine http session
HttpSession httpSession = null;
if (request!=null && (request instanceof HttpServletRequest))
{
HttpServletRequest httpRequest =
(HttpServletRequest)request;
httpSession = httpRequest.getSession(true);
_httpRequest.set(httpRequest);
_httpSession.set(httpSession);
// check whether we need authentication, if yes, check if
// authenticated (could also be the other way round...)
if (isProtected(httpRequest.getRequestURI()))
{
Object object = (httpSession.getAttribute( "userId"
));
if (object==null)
{
// not logged in, redirect
redirectToLoginPage(response);
return;
}
}
}
chain.doFilter(request, response);
_httpRequest.set(null);
_httpSession.set(null);
}
/**
* Returns true if this path requires a login.
*/
private boolean isProtected(String path)
{
// add your code here
}
/**
* Does a redirect to the login page.
*/
private void redirectToLoginPage(ServletResponse response)
{
if (log.isDebugEnabled())
{
log.debug("trying a redirect to the login page");
}
try
{
HttpServletResponse httpResponse =
(HttpServletResponse)response;
httpResponse.reset();
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(
// add your URL here
)
);
}
catch (Exception exc)
{
log.warn("could not redirect to login page", exc);
}
}
/**
* Current http session.
*
* @return the current session
*/
public static HttpSession getHttpSession()
{
return _httpSession.get();
}
/**
* Current http request.
*
* @return the current request
*/
public static HttpServletRequest getHttpRequest()
{
return _httpRequest.get();
}
}
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 14, 2006 2:45 PM
To: [email protected]
Subject: AW: HttpSessionListener -->How to react, when Session is not valid
anymore
So what can I do in my case?
Is there another possibility to react on a session Timeput and redirection
of the user?
Regards,
Andy
-----Ursprüngliche Nachricht-----
Von: Matthias Wessendorf [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 14. Februar 2006 14:41
An: MyFaces Discussion
Betreff: Re: HttpSessionListener -->How to react, when Session is not valid
anymore
Hi Andreas,
for each request there is one FacesContext obj, so it is not associated to
the user's (http) session.
-Matthias
On 2/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
>
>
> Hi!
>
> I have just implemented a HttpSessionListener to react on the event,
> when the session is not valid anymore.
>
> Now I want to redirect the user to my login page again, when the
> session is timed out...
>
> The Problem is, that the FacesContext is also null, when the session
> is timed out...
> So how can I do a redirect, if I don't have a FacesContext?
>
>
> So my listener looks like this:
> public final class MyContextListener implements HttpSessionListener {
>
> public void sessionCreated(HttpSessionEvent arg0) {
> // TODO Auto-generated method stub
>
> }
>
> public void sessionDestroyed(HttpSessionEvent arg0) {
> System.out.println("SESSION ABGELAUFEN");
>
> HttpServletRequest req = (HttpServletRequest)
> FacesContext.getCurrentInstance().getExternalContext().getRequest();
>
> HttpServletResponse res
> =(HttpServletResponse)FacesContext.getCurrentInstance().getExternalCon
> text().getResponse();
>
>
> try {
>
> req.getRequestDispatcher("/logout.jsp").forward(req,
> res);
> }
> catch (ServletException e2) {
> e2.printStackTrace();
> } catch (IOException e2) {
> e2.printStackTrace();
> }
> }
> }
> ______________________________________________________________________
> Diese Nachricht ist fuer die MAGNA STEYR Fahrzeugtechnik AG & Co KG
> rechtsunverbindlich! - This message is not legally binding upon MAGNA
> STEYR Fahrzeugtechnik AG & Co KG! This email and any files transmitted
> with it are confidential and intended solely for the use of the
> individual or entity to whom they are addressed. If you have received
> this email in error please notify your system manager. This footnote
> also confirms that this email message has been swept for the presence of
computer viruses.
> ______________________________________________________________________
>
--
Matthias Wessendorf
Zülpicher Wall 12, 239
50674 Köln
http://www.wessendorf.net
mwessendorf-at-gmail-dot-com
______________________________________________________________________
Diese Nachricht ist fuer die MAGNA STEYR Fahrzeugtechnik AG & Co KG
rechtsunverbindlich!
- This message is not legally binding upon MAGNA STEYR Fahrzeugtechnik AG &
Co KG!
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify your system manager.
This footnote also confirms that this email message has been swept for the
presence of computer viruses.
______________________________________________________________________
